}
break;
}
-
- if (!pkcs10 && !dn)
- {
- error = "--dn is required";
- goto usage;
- }
if (!cacert)
{
error = "--cacert is required";
error = "--cakey or --keyid is required";
goto usage;
}
- if (dn)
+ if (dn && *dn)
{
id = identification_create_from_string(dn);
if (id->get_type(id) != ID_DER_ASN1_DN)
goto end;
}
}
+ else
+ {
+ id = identification_create_from_encoding(ID_DER_ASN1_DN,
+ chunk_from_chars(ASN1_SEQUENCE, 0));
+ }
DBG2(DBG_LIB, "Reading ca certificate:");
ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
{"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
- " --cacert file --dn subject-dn [--san subjectAltName]+",
+ " --cacert file [--dn subject-dn] [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+",
"[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
"[--nc-permitted name] [--nc-excluded name]",